Testing the effects of recency and inertia on cyber threat detection through Instance-Based Learning

Cyber attacks, the disruption of normal functioning of computers in a network due to malicious events (threats), are becoming widespread. Security analysts are likely to play an important role in protecting computer networks by accurately and timely detecting cyber attacks. However, currently little is known on how certain cognitive factors might influence the analyst´s accurate and timely detection of cyber attacks. In this paper, we investigate the role of two cognitive factors, recency and inertia, that are likely to influence a simulated analyst´s detection of cyber attacks. We use an existing cognitive model, based upon Instance-Based Learning Theory (IBLT), which represents the working of a simulated analyst. We manipulate the reliance on recency of information and the reliance on inertia and evaluate the effects of these manipulations on the model´s accurate and timely detection of cyber attacks in a simulated cyber attack scenario. The IBL model is defined by recency: more or less reliance on recent information; and, inertia: low inertia dependence and high inertia dependence. Results reveal that although both recency and inertia influenced accuracy; the timeliness is influenced by inertia but not by recency. We highlight the implications of our findings for decision making of human security analysts.